Search
Total
6314 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-3552 | 1 Nokia | 1 Series 40 | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11-15." NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-3551 | 1 Sun | 2 Java Platform Micro Edition, Wireless Toolkit | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a company led by a well-known researcher, it is being assigned a CVE identifier for tracking purposes. | |||||
| CVE-2008-3373 | 1 Grisoft | 1 Avg Antivirus | 2018-10-11 | 5.0 MEDIUM | N/A |
| The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. | |||||
| CVE-2008-3232 | 1 Dotclear | 1 Dotclear | 2018-10-11 | 9.3 HIGH | N/A |
| Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images. | |||||
| CVE-2008-3174 | 1 Computer Associates | 3 Host Based Intrusion Prevention System, Internet Security Suite, Personal Firewall | 2018-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." | |||||
| CVE-2008-3141 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. | |||||
| CVE-2008-3140 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet." | |||||
| CVE-2008-3139 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error. | |||||
| CVE-2008-3138 | 2 Rpath, Wireshark | 2 Rpath Linux, Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors. | |||||
| CVE-2008-3103 | 1 Sun | 2 Jdk, Jre | 2018-10-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors. | |||||
| CVE-2008-2806 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 7.5 HIGH | N/A |
| Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS X allow remote attackers to bypass the Same Origin Policy and create arbitrary socket connections via a crafted Java applet, related to the Java Embedding Plugin (JEP) and Java LiveConnect. | |||||
| CVE-2008-2625 | 1 Oracle | 2 Database 10g, Database 9i | 2018-10-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the Oracle October 2008 CPU. Oracle has not commented on reliable researcher claims that this issue involves an authentication bypass by establishing a TNS connection and impersonating a user session via a crafted authentication message during proxy authentication mode. | |||||
| CVE-2008-2613 | 1 Oracle | 2 Database Scheduler, Database Server | 2018-10-11 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Database Scheduler component in Oracle Database 10.2.0.4 and 11.1.0.6 has unknown impact and local attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is an untrusted search path issue that allows local users to gain privileges via a malicious (1) libclntsh.so or (2) libnnz10.so library. | |||||
| CVE-2008-2603 | 1 Oracle | 1 Enterprise Manager | 2018-10-11 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages. | |||||
| CVE-2008-2589 | 1 Oracle | 2 Application Server, Oracle Portal Component | 2018-10-11 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability in the WWV_RENDER_REPORT package that allows remote attackers to execute arbitrary SQL (PL/SQL) commands via the second argument to the SHOW procedure. | |||||
| CVE-2008-2548 | 1 Motorola | 1 Razr | 2018-10-11 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers memory corruption. | |||||
| CVE-2008-2592 | 1 Oracle | 3 Advanced Replication Component, Database Server, Oracle Database | 2018-10-11 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to SYS.DBMS_DEFER_SYS. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a SQL injection vulnerability in the DELETE_TRAN procedure. | |||||
| CVE-2008-2441 | 1 Cisco | 2 Secure Access Control Server, Secure Acs | 2018-10-11 | 7.5 HIGH | N/A |
| Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x before 4.1(4) Build 13 Patch 11, and 4.2.x before 4.2(0) Build 124 Patch 4 does not properly handle an EAP Response packet in which the value of the length field exceeds the actual packet length, which allows remote authenticated users to cause a denial of service (CSRadius and CSAuth service crash) or possibly execute arbitrary code via a crafted RADIUS (1) EAP-Response/Identity, (2) EAP-Response/MD5, or (3) EAP-Response/TLS Message Attribute packet. | |||||
| CVE-2008-2375 | 1 Redhat | 2 Enterprise Linux, Vsftpd | 2018-10-11 | 7.1 HIGH | N/A |
| Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. | |||||
| CVE-2008-2273 | 1 Arubanetworks | 2 Aruba Mobility Controller, Arubaos | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors. | |||||
| CVE-2008-2051 | 1 Php | 1 Php | 2018-10-11 | 10.0 HIGH | N/A |
| The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars." | |||||
| CVE-2008-2000 | 1 Apple | 1 Safari | 2018-10-11 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Apple Safari 3.1.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls document.write in an infinite loop. | |||||
| CVE-2008-1900 | 1 Carbon Communities | 1 Carbon Communities | 2018-10-11 | 7.5 HIGH | N/A |
| option_Update.asp in Carbon Communities 2.4 and earlier allows remote attackers to edit arbitrary member information via a modified ID field. | |||||
| CVE-2008-1831 | 1 Oracle | 1 Siebel Enterprise | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06. | |||||
| CVE-2008-1830 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Hcm Eperformance | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03. | |||||
| CVE-2008-1829 | 1 Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02. | |||||
| CVE-2008-1828 | 2 Jdedwards, Oracle | 2 Enterpriseone, Peoplesoft Enterprise | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01. | |||||
| CVE-2008-1827 | 1 Oracle | 2 E-business Suite 11i, E-business Suite 12 | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 and 12.0.4 have unknown impact and attack vectors related to (a) Advanced Pricing component, aka (1) APP02, (2) APP03, and (3) APP09; (b) Application Object Library component, aka (4) APP04, (5) APP07, and (6) APP11; (c) Applications Manager component, aka (7) APP06; (d) and Applications Technology Stack component, aka (8) APP08. | |||||
| CVE-2008-1826 | 1 Oracle | 1 E-business Suite | 2018-10-11 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 have unknown impact and attack vectors related to (a) Advanced Pricing, aka (1) APP01 and (2) APP10; and (b) Applications Framework, aka (3) APP05. | |||||
| CVE-2008-1825 | 1 Oracle | 1 Application Server 9i | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. | |||||
| CVE-2008-1823 | 1 Oracle | 1 Jinitiator | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.14 has unknown impact and remote attack vectors, aka AS01. | |||||
| CVE-2008-1822 | 1 Oracle | 1 Application Express | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. | |||||
| CVE-2008-1821 | 1 Oracle | 1 Database Server | 2018-10-11 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Advanced Queuing component in Oracle Database 9.0.1.5 FIPS+, and 10.1.0.5 has unknown impact and remote attack vectors related to SYS.DBMS_AQJMS_INTERNAL, aka DB15. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB15 is for multiple buffer overflows in the (1) AQ$_REGISTER and (2) AQ$_UNREGISTER procedures. | |||||
| CVE-2008-1820 | 1 Oracle | 3 Database 10g, Database 11g, Database 9i | 2018-10-11 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Data Pump component in Oracle Database 9.2.0.8, 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote attack vectors related to KUPF$FILE_INT, aka DB11. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB11 is for a buffer overflow in the SYS.KUPF$FILE_INT.GET_FULL_FILENAME procedure. | |||||
| CVE-2008-1819 | 1 Oracle | 2 Database 9i, Database Server | 2018-10-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09. | |||||
| CVE-2008-1818 | 1 Oracle | 1 Database Server | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.6 has unknown impact and remote attack vectors, aka DB08. | |||||
| CVE-2008-1817 | 1 Oracle | 2 Database 9i, Database Server | 2018-10-11 | 9.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.3, and 11.1.0.6 have unknown impact and remote attack vectors related to (1) SDO_IDX in the Spatial component, aka DB07; and (2) Core RDBMS, aka DB10. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB07 is SQL injection. | |||||
| CVE-2008-1815 | 1 Oracle | 2 Database 10g, Database 11g | 2018-10-11 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Change Data Capture component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.6 has unknown impact and remote authenticated attack vectors related to DBMS_CDC_UTILITY, aka DB02. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that DB02 is for SQL injection in LOCK_CHANGE_SET. | |||||
| CVE-2008-1816 | 1 Oracle | 1 Database Server | 2018-10-11 | 5.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.3 have unknown impact and remote authenticated attack vectors related to (1) SDO_UTIL in the Oracle Spatial component, aka DB05; or (2) fine grained auditing in the Audit component, aka DB14. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB05 is SQL injection. | |||||
| CVE-2008-1813 | 1 Oracle | 2 Database 9i, Database Server | 2018-10-11 | 6.5 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 have unknown impact and remote unauthenticated or authenticated attack vectors related to (1) SYS.DBMS_AQ in the Advanced Queuing component, aka DB01; (2) Core RDBMS, aka DB03; (3) SDO_GEOM in Oracle Spatial, aka DB06; (4) Export, aka DB12; and (5) DBMS_STATS in Query Optimizer, aka DB13. NOTE: the previous information was obtained from the Oracle CPU. Oracle has not commented on reliable researcher claims that DB06 is SQL injection, and DB13 occurs when the OUTLN account is reset to use a hard-coded password. | |||||
| CVE-2008-1812 | 1 Oracle | 2 Application Server, Database 9i | 2018-10-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Oracle Enterprise Manager component in Oracle Database 9.0.1.5 FIPS+; Application Server 1.0.2.2; and Enterprise Manager for AS 1.0.2.2 and Database 9.0.1.5 has unknown impact and local attack vectors, aka EM01. | |||||
| CVE-2008-1811 | 1 Oracle | 1 Application Express | 2018-10-11 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated users. | |||||
| CVE-2008-1797 | 1 Secure Computing | 1 Webwasher | 2018-10-11 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Secure Computing Webwasher 5.30 before build 3159 and 6.3.0 before build 3150 allows remote attackers to cause a denial of service (freeze) via a crafted URL. | |||||
| CVE-2008-1675 | 1 Linux | 1 Linux Kernel | 2018-10-11 | 7.2 HIGH | N/A |
| The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory. | |||||
| CVE-2008-1563 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 4.3 MEDIUM | N/A |
| The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. | |||||
| CVE-2008-1562 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740. | |||||
| CVE-2008-1561 | 1 Wireshark | 1 Wireshark | 2018-10-11 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang. | |||||
| CVE-2008-1364 | 1 Vmware | 6 Ace, Player, Server and 3 more | 2018-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause a denial of service. | |||||
| CVE-2008-1235 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2018-10-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals." | |||||
| CVE-2011-0322 | 1 Rsa | 1 Access Manager Server | 2018-10-10 | 7.5 HIGH | N/A |
| Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, 6.0.x, and 6.1.x allows remote attackers to access resources via unknown vectors. | |||||